Don’t get hooked by Phishing scams
17th June 2013
Phishing, simply put, is a type of scam. It’s a fraudulent process by which an “attacker” attempts to steal your identity by acquiring sensitive information – such as your username, passwords, personal identity number, or credit card or bank details – by masquerading as a trustworthy entity.
Phishing attacks are occurring with increased frequency and with an increased level of sophistication. The risks are real both in a business environment and in your personal capacity.
Typically carried out via email, instant messaging and text messages, phishing frequently includes the use of proprietary logos and branding, such as a “from” line disguised to appear as if the message came from a legitimate sender. Phishing emails or messages usually contain a link to an authentic-looking website or email address that will capture information from the unsuspecting user. Without realising it, people fall for phishing attempts because these emails and websites are evolving and looking ever more authentic.
A more targeted form of this attack is called “Spear Phishing.” Unlike standard phishing schemes that use mass emails, these schemes target individuals that fit a certain profile. For example, they may only target people whom scammers believe to be affluent employees of a specific company or governmental agency, or users of a specific site. The aim of these attackers is to get the reader to divulge sensitive information about themselves and/or their organisation.
You can’t prevent phishing attempts; however, you can reduce the risk of becoming a victim by following some simple steps:
• Do not assume that spam filters will catch all illegitimate emails. Even if a message appears in your inbox, that does not mean it is genuine. Be alert to signs that the message is fraudulent, such as misspellings, poor grammar, and other irregularities. For example, beware of emails addressed to ‘Dear Customer’; as a general rule these are scams of some type.
• Phishing attempts often ask for financial or personal information. Unless you have validated the source and the site, never provide personal or business information through a form on the Internet. Legitimate organizations do not ask you to verify your username or password via emails or text messages as they already have that information.
• Often phishing emails have links to web addresses that are very similar to authentic websites, including logos and branding. Never click on links in emails if you are suspicious. Instead:
o Hover your mouse over the link to see the actual URL (website address), which might be different from what shows up in the text.
o Do not click on a link. Type (do not copy and paste) the company’s URL directly into a browser to determine if the request is legitimate.
• Do not open email attachments from unfamiliar sources. In particular, email attachments with “.scr,” “.com” and “.exe” file extensions may be malicious and could contain malware or a virus.
• Beware of random pop-up screens.
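The checks above can be automated at the mail gateway or in a user-awareness tool. The following is an added example (it is not code from the original article or from KPMG) that uses only the Python standard library to flag three of the signs listed: a link whose visible text names one host while the real `href` points to another (the “hover to see the actual URL” check), attachments with the “.scr”, “.com” or “.exe” extensions, and a generic “Dear Customer” greeting. The email it analyses is constructed sample data using reserved `.example` hostnames; the function names are this example’s own.

```python
"""Flag common phishing indicators in an email message (added example)."""
import os
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".scr", ".com", ".exe"}   # extensions named in the article
GENERIC_GREETING = re.compile(r"\bdear (customer|user|member)\b", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from HTML markup."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase host of a URL or bare domain, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def looks_like_url(text):
    """True for anchor text that names a host, e.g. 'www.mybank.example'."""
    return bool(text) and " " not in text and "." in text


def mismatched_links(html):
    """Return hrefs whose visible text claims a different host than the link."""
    parser = AnchorCollector()
    parser.feed(html)
    return [href for href, text in parser.anchors
            if looks_like_url(text) and host_of(text) != host_of(href)]


def risky_attachments(msg):
    """Return attachment file names whose extension is in RISKY_EXTENSIONS."""
    names = (part.get_filename() or "" for part in msg.iter_attachments())
    return [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXTENSIONS]


def analyse(msg):
    """Return the phishing indicators found in an EmailMessage."""
    html_part = msg.get_body(preferencelist=("html",))
    text_part = msg.get_body(preferencelist=("plain",))
    html = html_part.get_content() if html_part is not None else ""
    text = text_part.get_content() if text_part is not None else ""
    return {
        "mismatched_links": mismatched_links(html),
        "risky_attachments": risky_attachments(msg),
        "generic_greeting": bool(GENERIC_GREETING.search(text)),
    }


def build_sample_message():
    """Constructed sample message; every host uses the reserved .example TLD."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@mybank.example>"
    msg["To"] = "customer@example.net"
    msg["Subject"] = "Please verify your account"
    msg.set_content("Dear Customer, please verify your account details.")
    msg.add_alternative(
        "<p>Dear Customer,</p>"
        '<p>Verify at <a href="http://mybank-secure.example/login">'
        "www.mybank.example</a> or read our "
        '<a href="https://mybank.example/help">help pages</a>.</p>',
        subtype="html",
    )
    msg.add_attachment(b"not a real program", maintype="application",
                       subtype="octet-stream", filename="statement.exe")
    return msg


if __name__ == "__main__":
    for name, value in analyse(build_sample_message()).items():
        print(f"{name}: {value}")
```

Only anchors whose visible text itself looks like an address are compared, so ordinary “help pages” links are not reported; the first link in the sample, which shows `www.mybank.example` but points at `mybank-secure.example`, is.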
If you believe you have unwittingly become a victim of a phishing attack, remember to check your bank and credit card statements regularly to verify that no unauthorised transactions have taken place.
About KPMG
KPMG network of professional firms providing Audit, Tax and Advisory services. We operate in 156 countries and have more than 152,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.